Vendor web page: http://brownbearsw.com/
Product: Calcium web calendar
Product web page: http://brownbearsw.com/calcium/WhatIsIt.html
Vendor's Product Description:
Calcium is a Web Calendar application. It will run on nearly any machine with a web server that can run Perl CGI scripts; a web browser is all you need to view, edit, and manage any number of calendars from any network connected computer. All administration is done with your browser - after installation, there's no need to log in to the web server.
Vulnerability class: Cross-Site Scripting
Severity: Medium
Vulnerability details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Hewlett-Packard's Network Node Manager.
Authentication is not required to exploit this vulnerability.
The specific flaws exist within Perl CGI executables distributed with
Network Node Manager (NNM). Several of these applications fail to
sanitize the hostname HTTP variable when requests are made to the NNM
HTTP server, which listens by default on TCP port 3443. By supplying a
pipe operator, a malicious attacker can insert arbitrary commands that
will be executed on the remote server.
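
The following is an added example, not code from the advisory or the vendor: a Perl sketch of how a CGI script can validate a hostname parameter against an allowlist and run an external tool without a shell. The advisory does not say how the affected scripts use the value, so the unsafe pattern in the comment, the helper names valid_hostname and run_tool, the sample values, and the use of echo as a stand-in tool are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One DNS label: alphanumeric at both ends, hyphens only inside, max 63 chars.
my $LABEL = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

# Allowlist check (hypothetical helper). \A and \z anchor the whole string,
# so a trailing newline, a pipe, a semicolon or whitespace all fail.
# A leading '-' also fails, so the value cannot be read as an option.
sub valid_hostname {
    my ($h) = @_;
    return 0 unless defined $h && length($h) >= 1 && length($h) <= 253;
    return $h =~ /\A$LABEL(?:\.$LABEL)*\z/ ? 1 : 0;
}

# Unsafe pattern, shown for contrast only and never executed here:
#     open(my $fh, "some_tool $host |");
# The string is handed to the shell, which interprets metacharacters.
#
# Safe pattern: validate first, then use list-form open so that no shell
# is involved and $host is passed as exactly one argument.
sub run_tool {
    my ($host, @cmd) = @_;
    die "rejected hostname\n" unless valid_hostname($host);
    open(my $fh, '-|', @cmd, $host) or die "cannot run $cmd[0]: $!\n";
    my $out = do { local $/; <$fh> };
    close($fh);
    return defined $out ? $out : '';
}

# Constructed sample values for the hostname parameter.
my @samples = ('node1.example.com', 'node1|echo', 'node1;echo', '-v',
               "node1\n", 'a' x 64);

for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;
    if (valid_hostname($s)) {
        # 'echo' stands in for whatever tool the real script would call.
        print "accept $shown -> ", run_tool($s, 'echo', 'lookup:');
    } else {
        print "reject $shown\n";
    }
}
```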